unable to mount CIFS share with comma in password

Bug #1069915 reported by Thorsten Tüllmann
This bug affects 8 people
Affects              Status     Importance  Assigned to  Milestone
cifs-utils (Ubuntu)  Confirmed  Undecided   Unassigned
linux (Ubuntu)       Confirmed  Undecided   Unassigned

Bug Description

Since the update to Quantal I am unable to mount CIFS shares with a comma in the password:

root@lama ~ # PASSWD=",password" mount -t cifs //cifs.example.org target -o username=user,domain=dom,uid=4711,gid=12345
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
32 root@lama ~ # dmesg | tail -1
[17848.954253] CIFS: Unknown mount option "password"

The same thing happens with a credential file and the password prompt.

This looks like a parser regression:
mount.cifs(8) explains:
           Note that a password which contains the delimiter character (i.e. a
           comma ´,´) will fail to be parsed correctly on the command line.
           However, the same password defined in the PASSWD environment
           variable or via a credentials file (see below) or entered at the
           password prompt will be read correctly.

This is pretty evil, as it exposes parts of the password through dmesg.

description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cifs-utils (Ubuntu):
status: New → Confirmed
Carlos Capote (mail-carloscapote) wrote :

Same problem here. Indeed, it affects every user who has a comma in their password!

Dee (dmusil-x) wrote :

A comma in the password is just a common case. It is not possible to put the password between '' or "", which is a major issue.

test051102 (test051102) wrote :

I am also affected by this problem. The previous comment of Dee is wrong. Passwords can be successfully put into "". When choosing a password like "a, b" mount outputs "mount error(22): Invalid argument". But dmesg reports "CIFS: Unknown mount option " b".

This clearly indicates a software problem. The software tries to separate arguments by using the comma character. It does not respect complex passwords embedded in "" characters.

It is some kind of standard to use complex and possibly "secure" passwords today. This cannot be achieved by using CIFS on Linux. It would be very nice if this could be fixed.

Thorsten Tüllmann (ttuellmann) wrote :

Almost three years later I am not involved in Ubuntu any more. As I still get emails from time to time, I figure this has not been fixed yet. I involved the Ubuntu Security Team, as this obviously is an information disclosure vulnerability.

Seth Arnold (seth-arnold) wrote :

There are so many different ways to get the password in the mount.cifs.c sources that I wouldn't be surprised if one path works fine while another path fails this way.

For those who can test this, it would be nice to test mount -t cifs vs calling mount.cifs directly, and it'd be worth testing the PASSWD environment variable, the PASSWD_FD environment variable, the PASSWD_FILE environment variable, the --pass and --password and -p command line options, the systemd-ask-password prompt, the getpass() password prompt, the credentials file.

The kernel sources also appear to log unknown options only if "sloppy" isn't being used:
        if (!sloppy && invalid) {
                pr_err("CIFS: Unknown mount option \"%s\"\n", invalid);
                goto cifs_parse_mount_err;
        }

so be sure to test with and without sloppy to make sure you're testing the right thing.

Thanks
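
A simplified model of the failure discussed in this thread, added here as an illustration and not taken from cifs-utils or the kernel: options are joined and split on commas, the first unrecognised token is logged unless sloppy is set, and a small scanner pulls such tokens out of kernel log lines so exposed password fragments can be identified. The option table, function names and the second sample log line are assumptions.

```python
import re

# Simplified, assumed subset of option names (the real kernel table is larger).
KNOWN = {"username", "domain", "uid", "gid", "pass", "sloppy"}

def build_options(password, **opts):
    """Join options with no quoting or escaping of the password."""
    return ",".join([f"{k}={v}" for k, v in opts.items()] + [f"pass={password}"])

def parse_options(optstr, sloppy=False):
    """Split on ',' and return (parsed, log_lines, ok)."""
    parsed, invalid = {}, None
    for token in optstr.split(","):
        key, _, value = token.partition("=")
        if key in KNOWN:
            parsed[key] = value
        elif invalid is None:
            invalid = token  # remember the first unrecognised token
    if invalid is not None and not sloppy:
        # Same shape as the pr_err() quoted above: the token is logged verbatim.
        return parsed, [f'CIFS: Unknown mount option "{invalid}"'], False
    return parsed, [], True

LEAK_RE = re.compile(r'CIFS: Unknown mount option "(.*)"\s*$', re.IGNORECASE)

def leaked_fragments(log_lines):
    """Return the strings the kernel logged as unknown options, for review."""
    return [m.group(1) for line in log_lines if (m := LEAK_RE.search(line))]

# Sample log: first and last lines as reported in this thread, middle one constructed.
SAMPLE_LOG = [
    '[17848.954253] CIFS: Unknown mount option "password"',
    '[17849.100000] usb 1-1: new high-speed USB device',
    'CIFS: Unknown Mount option " name"',
]

if __name__ == "__main__":
    for pw in (",password", "a, b"):
        opts = build_options(pw, username="user", domain="dom")
        for sloppy in (False, True):
            parsed, log, ok = parse_options(opts, sloppy=sloppy)
            print(f"sloppy={sloppy} ok={ok} pass={parsed.get('pass')!r} log={log}")
    print("fragments found in log:", leaked_fragments(SAMPLE_LOG))
```

With sloppy set nothing is logged, but the parsed password is still truncated at the comma, so a test that only watches dmesg would miss the parsing error.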

information type: Public → Public Security
Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1069915

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Seth Arnold (seth-arnold) wrote :

The bug description includes dmesg output demonstrating the issue is real; comment #6 includes the kernel source that probably emitted the logs in the description. Thus setting to 'confirmed'.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Trevor Sullivan (trevortds3) wrote :

This bug is still unfixed, and it causes problems not only for passwords, but for the record name too.

# mount.cifs "\\\\record\\with\\comma\\in, name" ./mountpoint
mount error(22) Invalid Argument

In /var/log/kern.log

CIFS: Unknown Mount option " name"

This report contains Public Security information  
Everyone can see this security related information.
